SCOM 2016 – Linux Agent Deployment “Signed certificate verification operation was not successful”
Today, while trying to add my linux servers to my new SCOM 2016 environment, I ran into an interesting issue.
When deploying the agent to my CentOS 6.8 server, all was going fine, then suddenly *holy drama!* – the agent install fails, indicating “The SSL certificate could not be checked for revocation”
When clicking the details link, this is what is shown:
SCOM uses ssl to communicate via between the management server and the monitored system/server/client, etc. The problem I faced is that the server has a host name set to SERVER.DOMAIN-COOL.COM, and in order to authenticate successfully the HOSTNAME name MUST match the FQDN (fully qualified domain name) of the name that is resolved by SCOM. i.e. SERVER.DOMAIN.COM.
If you are facing this scenario and your UNIX/Linux server has a different hostname then what is in DNS you have two choices. Either you change the hostname on your server, which may or may not be an option, or you create a new certificate with the FQDN hostname and private key without touching the server name at all using the scxsslconfig tool. I decided to perform the latter. Just open the a shell and run…
/opt/microsoft/scx/bin/tools/scxsslconfig –h server –d domain.com -f –v
After executing the command, make sure to restart the agent.
/opt/microsoft/scx/bin/tools/scxadmin –restart
After the service is restarted head back to your SCOM console, and attempt to manage the linux server again.
This time it will complete successfully.
Still the same error even after following above steps, thing is for some servers it is working and for some it is not
Have you validated that the server host name and that the common name on the certificate match exactly? You can use openssl to validate this. Steps for this are included on the technet article.